@Krishna: yeah, this kinda assumes that you have access to that table. We don't want just anybody to be able to see these passwords in the clear, do we? Still, I would argue that the credential system is a much better mechanism to safeguard this information - and that's what the SQL Server should use.

Thanks for this, we had the same problem and were surprised how easy it was to find the password. What was also rather concerning was that our previous dba had decided that 'password' was a suitable password.